public ActionResult Details(Guid id) { using (var db = ApplicationDbContext.Create()) { var model = new ScriptedTaskModel(); TaskHelpers.InitializeTaskModel(model, id, this.task, db); if (!model.File.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name)) { throw new HttpException(403, "Only curators may perform this task."); } model.IsUserCurator = true; // Add information about the variables. try { var variablesModel = FileToVariableEditorMapper.GetModelFromFile(model.File); model.VariablesJson = JsonConvert.SerializeObject(variablesModel.Variables); return(View("~/Areas/Ddi/Views/CheckForIdentifiableInformation/Details.cshtml", model)); } catch (Exception ex) { return(View("~/Areas/Ddi/Views/CheckForIdentifiableInformation/Details.cshtml", model)); } } }
public ActionResult Editor(Guid id) { var logger = LogManager.GetLogger("VariableController"); logger.Debug("Entering Variable.Editor()"); using (var db = ApplicationDbContext.Create()) { logger.Debug("Getting file information"); var file = GetFile(id, db); logger.Debug("Got file information"); try { logger.Debug("Creating model"); var model = FileToVariableEditorMapper.GetModelFromFile(file); logger.Debug("Created model"); var user = db.Users .Where(x => x.UserName == User.Identity.Name) .FirstOrDefault(); var permissions = db.Permissions .Where(x => x.User.Id == user.Id && x.Organization.Id == file.CatalogRecord.Organization.Id); bool userCanViewAll = permissions.Any(x => x.Right == Right.CanViewAllCatalogRecords); string createdByUserName = file.CatalogRecord.CreatedBy != null ? file.CatalogRecord.CreatedBy.UserName : string.Empty; bool isUserCreator = createdByUserName == User.Identity.Name; model.IsUserCurator = file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name); bool isApprover = file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name || OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove)); if (!isUserCreator && !model.IsUserCurator && !isApprover && !userCanViewAll) { logger.Warn("No permissions to show variable information"); throw new HttpException(403, "You must be a curator or an administrator to perform this action."); } logger.Debug("Leaving Variable.Editor()"); return(View("~/Areas/Ddi/Views/Variables/Editor.cshtml", model)); } catch (Exception ex) { logger.Error("Unhandled exception", ex); var model = new MissingPhysicalInstanceModel() { File = file, IsLocked = file.CatalogRecord.IsLocked, IsUserCurator = file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name), IsUserApprover = file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name) || OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove), OperationStatus = file.CatalogRecord.OperationStatus }; return(View("~/Areas/Ddi/Views/Variables/MissingPhysicalInstance.cshtml", model)); } } }